Network Security and Hacking Techniques

Day5 Presentation Transcript

  • Network Security and Hacking Techniques Day 5
  • Introduction
    • Introduction
    • What is a Honeypot?
    • Value of Honeypot
    • Types of Honeypot
    • Solutions
    • Honeynet
    • Etc.
    • References
    “The Linux Based Services that Mean Business Securing Internet”
  • Honeypot
    • The Honeypot Project is an all-volunteer, non-profit research organization
    • Dedicated to learning the tools, tactics, and motives of the blackhat community and sharing the lessons learned
    • Traditional honeypots have been for deception or detecting attacks
  • Introduction
    • Term originally from the military
      • fake target or ambush
    • used in network security environment
    • Background
      • lack of information on blackhat communities
  • Goal
    • Primary
      • an instrument for information gathering and learning.
    • other possibilities for a honeypot
      • divert hackers from productive system
      • catch a hacker while conducting an attack
      • etc...
  • Honeypot (Cont…)
    • 1st Generation Honeypot
    Firewall separating the Honeynet into three different networks
  • Honeypot (Cont…)
    • 2nd Generation Honeypot
  • Honeypot (Cont…)
    • 2nd Generation (2002-)
      • easier to deploy, yet more difficult to detect
      • gather greater information
      • all requirements combined onto a single device
        • easier to both deploy and manage
      • a layer 2 gateway; it acts as a bridge
        • more difficult to detect (it has no IP Stack)
        • control and capture all traffic in the single device
  • Information Security-Cryptography
    • Basic Concepts
    • Classical Cryptosystem
    • Mathematics of Cryptography
    • Modern Cryptographic techniques
    • Secret Key Encryption
    • Public Key Encryption
    • Key Management
    • Legal Considerations
  • Information Security-Cryptography
    • Definitions
    • Introduction to Cryptography
    • Example Ciphers
    • Types of Ciphers
    • Methods of Encryption
  • Definitions
    • Algorithm: The set of mathematical rules used in encryption and decryption.
    • Cryptography: Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individuals.
    • Cryptosystem: Hardware or software implementation of cryptography that transforms a message to ciphertext and back to plaintext.
    • Cryptanalysis: Practice of obtaining plaintext from ciphertext without a key or breaking the encryption.
    • Cryptology: The study of both cryptography and cryptanalysis.
    • Ciphertext: Data in encrypted or unreadable format.
    • Encipher: Act of transforming data into an unreadable format.
  • Definitions (Cont…)
    • Decipher: Act of transforming data into a readable format.
    • Key: Secret sequence of bits and instructions that governs the act of encryption and decryption.
    • Key clustering: Instance when two different keys generate the same cipher text from the same plaintext.
    • Keyspace: Possible values used to construct keys.
    • Plaintext: Data in readable format, also referred to as cleartext.
    • Work factor: Estimated time, effort, and resources necessary to break a cryptosystem.
  • Cryptography
    • The most widely used tool for securing information and services is cryptography.
    • Cryptography relies on ciphers: mathematical functions used for encryption and decryption of a message.
      • Encryption: the process of disguising a message in such a way as to hide its substance.
      • Ciphertext: an encrypted message.
      • Decryption: the process of returning an encrypted message back into plaintext.
    [Figure: Plaintext → Encryption → Ciphertext → Decryption → Original Plaintext]
  • Example Ciphers
    • Caesar cipher: each plaintext character is replaced by the character k positions to its right in the alphabet.
      • “Watch out for Brutus!” => “Jngpu bhg sbe Oehghf!”
      • Only 25 choices! Not hard to break by brute force.
    • Substitution cipher: each character in plaintext is replaced by a corresponding character of ciphertext.
      • E.g., cryptograms in newspapers.
    • plaintext code: a b c d e f g h i j k l m n o p q r s t u v w x y z
    • ciphertext code: m n b v c x z a s d f g h j k l p o i u y t r e w q
    • 26! possible pairs.
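The point about the 25-key Caesar keyspace, as an added example (not part of the original slides): it tries every shift on the slide's ciphertext and picks the candidate that contains the most common English words, then compares the keyspace with the 26! of the substitution table above. The word list and function names are assumptions of this example.

```python
import math
import string

# Substitution table copied from the slide (plaintext a-z -> ciphertext).
SUBST = str.maketrans(string.ascii_lowercase, "mnbvcxzasdfghjklpoiuytrewq")

# Common English words used to recognise a plausible plaintext.
# This word list is an assumption of the example, not part of the slides.
COMMON_WORDS = {"the", "and", "for", "out", "you", "not", "are"}


def caesar(text, k):
    """Replace each letter by the one k places to the right (wraps at z)."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def score(text):
    """Count how many tokens of the candidate are common English words."""
    tokens = "".join(c if c.isalpha() else " " for c in text.lower()).split()
    return sum(t in COMMON_WORDS for t in tokens)


def brute_force(ciphertext):
    """Try all 25 non-trivial shifts; return (k, plaintext) of the best one."""
    candidates = [(k, caesar(ciphertext, -k)) for k in range(1, 26)]
    return max(candidates, key=lambda c: score(c[1]))


def keyspace_bits(n_keys):
    """Size of a keyspace expressed in bits (log2 of the number of keys)."""
    return math.log2(n_keys)


if __name__ == "__main__":
    k, plaintext = brute_force("Jngpu bhg sbe Oehghf!")
    print("recovered key:", k, "plaintext:", plaintext)
    print("Caesar keyspace:", round(keyspace_bits(25), 1), "bits")
    print("substitution keyspace:",
          round(keyspace_bits(math.factorial(26)), 1), "bits")
    print("substitution of 'watch out':", "watch out".translate(SUBST))
```

The slide's ciphertext turns out to use k = 13. The substitution cipher's much larger keyspace does not by itself make it strong, which is why the slides list it next to newspaper cryptograms.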
  • Ciphers
    • For some message $M$, let’s denote the encryption of that message into cipher text as
    • $E_k(M) = C$
    • Similarly, the decryption into plain text as
    • $D_k(C) = M$
    • Notice,
    • $D_k(E_k(M)) = M$: symmetric-key algorithms.
    • Some algorithms use different keys for each operation:
    • $D_{k_1}(E_{k_2}(M)) = M$: public-key algorithms.
  • Simplified Model of Symmetric Encryption
  • Ingredients
    • Plain text
    • Encryption algorithm
    • Secret key
    • Cipher text
    • Decryption algorithm
  • Requirements for Security
    • Strong encryption algorithm
      • Even if known, should not be able to decrypt or work out key
      • Even if a number of cipher texts are available together with plain texts of them
    • Sender and receiver must obtain secret key securely
    • Once key is known, all communication using this key is readable
  • Attacking Encryption
    • Cryptanalysis
      • Rely on nature of algorithm plus some knowledge of general characteristics of plain text
      • Attempt to deduce plain text or key
    • Brute force
      • Try every possible key until plain text is achieved
  • Cryptanalysis
    [Figure: plaintext → Encrypt ($K_e$) → $C = E_{K_e}(\text{plaintext})$ → Decrypt ($K_d$) → plaintext; an Invader with side information applies cryptanalysis to $C$ to obtain the plaintext]
  • Cryptanalysis
    • Cryptanalysis is the science of recovering the plaintext of a message without access to the key.
        • Doesn’t have to discover the key necessarily.
        • The loss of a key without cryptanalysis is called a compromise.
    • Ciphertext-only attack
      • The attacker has to recover the plaintext from only the ciphertext.
    • Known-plaintext attack
      • Portions of the cipher are known as plaintext. The rest may be easier to recover
    • Chosen-plaintext attack
      • The attacker can choose what plaintext to encrypt, again making it easier to recover other ciphertext.
  • Encryption Algorithms
    • Block cipher
      • Process plain text in fixed block sizes producing block of cipher text of equal size
      • Data encryption standard (DES)
      • Triple DES (TDES)
      • Advanced Encryption Standard
  • Simple Block Cipher
    [Figure: plaintext message split into blocks B0, B1, B2, B3, each passed through encrypt]
  • Problem
    • If the same block is encrypted twice with the same key, the resulting ciphertext blocks are the same
      • It is desirable to make identical plaintext blocks encrypt to different ciphertext blocks.
    • Two methods are commonly used for this:
      • CBC mode: a ciphertext block is obtained by first xoring the plaintext block with the previous ciphertext block, and encrypting the resulting value.
      • CFB mode: a ciphertext block is obtained by encrypting the previous ciphertext block, and xoring the resulting value with the plaintext.
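The repeated-block problem and the two chaining modes described above, as an added example (not part of the original slides). The block cipher is a toy 4-round Feistel construction built on SHA-256 that stands in for DES or AES; the key, IV and message are constructed sample values, and the IV used as the "previous ciphertext block" for the first block is an assumption the slide does not spell out.

```python
import hashlib

BLOCK = 8  # block size in bytes (64 bits, like DES; the cipher below is not DES)

KEY = b"constructed sample key"   # constructed values for the example
IV = bytes(range(BLOCK))          # in practice: fresh and unpredictable
PT = b"PAY 100$" * 3              # three identical plaintext blocks


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key, i, half):
    """Keyed round function of the toy Feistel cipher."""
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]


def encrypt_block(key, block):
    left, right = block[:4], block[4:]
    for i in range(4):
        left, right = right, xor(left, round_fn(key, i, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:4], block[4:]
    for i in reversed(range(4)):
        left, right = xor(right, round_fn(key, i, left)), left
    return left + right


def split(data):
    if len(data) % BLOCK:
        raise ValueError("input must be a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, pt):
    """Each block encrypted independently: equal blocks stay equal."""
    return b"".join(encrypt_block(key, b) for b in split(pt))


def cbc_encrypt(key, iv, pt):
    """C_i = E(P_i xor C_{i-1}), with C_0 = IV."""
    prev, out = iv, []
    for b in split(pt):
        prev = encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    prev, out = iv, []
    for c in split(ct):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def cfb_encrypt(key, iv, pt):
    """C_i = E(C_{i-1}) xor P_i, with C_0 = IV."""
    prev, out = iv, []
    for b in split(pt):
        prev = xor(encrypt_block(key, prev), b)
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(key, iv, ct):
    prev, out = iv, []
    for c in split(ct):
        out.append(xor(encrypt_block(key, prev), c))  # CFB only ever encrypts
        prev = c
    return b"".join(out)


def repeated_blocks(ct):
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = split(ct)
    return len(blocks) - len(set(blocks))
```

With the three identical plaintext blocks, `repeated_blocks` reports 2 for the independent-block encryption and 0 for both chained modes.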
  • Stream Ciphers
    • For some applications encryption in blocks will not work
      • Telephone conversation
      • Radio Broadcast
    • White noise…
  • Stream Cipher
    [Figure: a number generator fills a keystream buffer (K0, K1, K2, K3); the keystream is XORed with the plaintext stream to produce the encrypted stream]
  • Data Encryption Standard
    • US standard
    • 64 bit plain text blocks
    • 56 bit key
    • Broken in 1998 by Electronic Frontier Foundation
      • Special purpose machine
      • Less than three days
      • DES now worthless
  • Triple DES
    • ANSI X9.17 (1985)
    • Incorporated in DES standard 1999
    • Uses 3 keys and 3 executions of DEA algorithm
    • Effective key length 112 or 168 bit
    • Slow
    • Block size (64 bit) too small
  • Advanced Encryption Standard
    • National Institute of Standards and Technology (NIST) in 1997 issued call for Advanced Encryption Standard (AES)
      • Security strength equal to or better than 3DES
      • Improved efficiency
      • Symmetric block cipher
      • Block length 128 bits
      • Key lengths 128, 192, and 256 bits
      • Evaluation includes security, computational efficiency, memory requirements, hardware and software suitability, and flexibility
      • 2001, AES issued as federal information processing standard (FIPS 197)
  • AES Description
    • Assume key length 128 bits
    • Input is single 128-bit block
      • Depicted as square matrix of bytes
      • Block copied into State array
        • Modified at each stage
      • After final stage, State copied to output matrix
    • 128-bit key depicted as square matrix of bytes
      • Expanded into array of key schedule words
      • Each four bytes
      • Total key schedule 44 words for 128-bit key
    • Byte ordering by column
      • First four bytes of 128-bit plaintext input occupy first column of in matrix
      • First four bytes of expanded key occupy first column of w matrix
  • AES Encryption and Decryption
  • AES Comments (1)
    • Key expanded into array of forty-four 32-bit words, w[i]
      • Four distinct words (128 bits) serve as round key for each round
    • Four different stages
      • One permutation and three substitution
        • Substitute bytes uses S-box table to perform byte-by-byte substitution of block
        • Shift rows is permutation that is performed row by row
        • Mix columns is substitution that alters each byte in column as function of all of bytes in column
        • Add round key is bitwise XOR of current block with portion of expanded key
  • AES Comments (1)
    • Simple structure
      • For both encryption and decryption, cipher begins with Add Round Key stage
      • Followed by nine rounds
        • Each includes all four stages
      • Followed by tenth round of three stages
  • AES Encryption Round
  • AES Comments (2)
    • Only Add Round Key stage uses key
      • Begins and ends with Add Round Key stage
      • Any other stage at beginning or end, reversible without key
        • Adds no security
    • Add Round Key stage by itself not formidable
      • Other three stages scramble bits
      • By themselves provide no security because no key
    • Each stage easily reversible
    • Decryption uses expanded key in reverse order
      • Not identical to encryption algorithm
    • Easy to verify that decryption does recover plaintext
    • Final round of encryption and decryption consists of only three stages
  • Location of Encryption Devices
    [Figure: Encryption Across a Packet Switching Network]
  • Link Encryption
    • Each communication link equipped at both ends
    • All traffic secure
    • High level of security
    • Requires lots of encryption devices
    • Message must be decrypted at each switch to read address (virtual circuit number)
    • Security vulnerable at switches
      • Particularly on public switched network
  • End to End Encryption
    • Encryption done at ends of system
    • Data in encrypted form crosses network unaltered
    • Destination shares key with source to decrypt
    • Host can only encrypt user data
      • Otherwise switching nodes could not read header or route packet
    • Traffic pattern not secure
    • Use both link and end to end
  • Key Distribution
    • Question: How to deliver a shared key to 2 parties that wish to exchange data without others seeing the key?
    • Key selected by A and delivered to B
    • Third party selects key and delivers to A and B
    • Use old key to encrypt and transmit new key from A to B
    • Use old key to transmit new key from third party to A and B
  • Automatic Key Distribution for Connection-Oriented Protocols
  • Automatic Key Distribution
    • Session Key
      • Used for duration of one logical connection
      • Destroyed at end of session
      • Used for user data
    • Permanent key
      • Used for distribution of keys
    • Key distribution center
      • Determines which systems may communicate
      • Provides one session key for that connection
    • Security service module (SSM)
      • Performs end to end encryption
      • Obtains keys for host
  • Message Authentication
    • Protection against active attacks
      • Falsification of data
      • Eavesdropping
    • Message is authentic if it is genuine and comes from the alleged source
    • Authentication allows receiver to verify that message is authentic
      • Message has not been altered
      • Message is from authentic source
      • Message timeline
  • Authentication Using Encryption
    • Assumes sender and receiver are only entities that know key
    • Message includes:
      • error detection code
      • sequence number
      • time stamp
  • Authentication Without Encryption
    • Authentication tag generated and appended to each message
    • Message not encrypted
    • Useful for:
      • Messages broadcast to multiple destinations
        • Have one destination responsible for authentication
      • One side heavily loaded
        • Encryption adds to workload
        • Can authenticate random messages
      • Programs authenticated without encryption can be executed without decoding
  • Message Authentication Code
    • Generate authentication code based on shared key and message
    • Common key shared between A and B
    • If only sender and receiver know key and code matches:
      • Receiver assured message has not been altered
      • Receiver assured message is from alleged sender
      • If message has sequence number, receiver assured of proper sequence
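The three assurances listed above, as an added example (not part of the original slides): a sender appends an authentication code computed over a sequence number and the message, and the receiver rejects altered, forged and replayed frames. HMAC-SHA-256 is this example's choice of MAC; the frame layout, key and messages are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte authentication tag
SEQ_LEN = 8                             # 64-bit big-endian sequence number


def protect(key, seq, message):
    """Sender: prepend the sequence number, append MAC(key, seq || message)."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag


class Receiver:
    """Verifies the tag first, then checks the expected sequence number."""

    def __init__(self, key):
        self.key = key
        self.expected_seq = 0

    def accept(self, frame):
        if len(frame) < SEQ_LEN + TAG_LEN:
            return ("rejected: truncated", None)
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            return ("rejected: bad tag", None)
        (seq,) = struct.unpack(">Q", body[:SEQ_LEN])
        if seq != self.expected_seq:
            return ("rejected: out of sequence", None)
        self.expected_seq += 1
        return ("accepted", body[SEQ_LEN:])


def demo():
    key = b"constructed shared key A<->B"       # sample value for the example
    rx = Receiver(key)
    f0 = protect(key, 0, b"transfer 100 to carol")
    f1 = protect(key, 1, b"transfer 250 to dave")
    tampered = f1.replace(b"250", b"950")       # altered in transit, old tag
    forged = protect(b"some other key", 1, b"transfer 250 to dave")
    return [
        rx.accept(f0)[0],        # genuine, in order
        rx.accept(tampered)[0],  # message has been altered
        rx.accept(forged)[0],    # sender does not hold the shared key
        rx.accept(f0)[0],        # replay of an old, validly tagged frame
        rx.accept(f1)[0],        # genuine, next in sequence
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The message itself travels unencrypted in every frame, which matches the "authentication without encryption" case on the earlier slide.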
  • Message Authentication Using a Message Authentication Code
  • One Way Hash Function
    • Accepts variable size message and produces fixed size tag (message digest)
    • Advantages of authentication without encryption
      • Encryption is slow
      • Encryption hardware expensive
      • Encryption hardware optimized for large data
      • Algorithms covered by patents
      • Algorithms subject to export controls (from USA)
  • Message Authentication Using a One-Way Hash Function
  • Public Key Encryption
    • Based on mathematical algorithms
    • Asymmetric
      • Use two separate keys
    • Ingredients
      • Plain text
      • Encryption algorithm
      • Public and private key
      • Cipher text
      • Decryption algorithm
  • Public-Key Cryptography
  • Public Key Encryption - Operation
    • One key made public
      • Used for encryption
    • Other kept private
      • Used for decryption
    • Infeasible to determine decryption key given encryption key and algorithm
    • Either key can be used for encryption, the other for decryption
  • Steps
    • User generates pair of keys
    • User places one key in public domain
    • To send a message to user, encrypt using public key
    • User decrypts using private key
  • Digital Signature
    • Sender encrypts message with their private key
    • Receiver can decrypt using sender's public key
    • This authenticates sender, who is only person who has the matching key
    • Does not give privacy of data
      • Decrypt key is public
  • Signatures
    • Handwritten signatures can verify that a document is
      • Authentic
        • The signature is mine and has not been altered
      • Unforgeable
        • Proves that I signed the document
      • Non-repudiable
        • I cannot deny that I signed the document
  • Digital Signatures
    • Public key systems can also be used to provide message authentication:
      • The sender’s secret key can be used to encrypt a message, thereby signing it
      • This creates a digital signature of a message, which the recipient (or anyone else) can check by using the sender's public key to decrypt it.
      • This proves that the sender was the true originator of the message, and that the message has not been subsequently altered by anyone else
  • Digital Properties
    • The properties of digital documents are different from paper documents
      • We need to be able to bind a signature to the entire sequence of bits that make up the document
      • How do I prevent someone from revealing their private key and then claiming they never signed something?
  • Message Digests
    • Message digests are used to create short, fixed-length representations of longer, variable-length messages
      • The goal is to make H(M) != H(M’)
      • Digest algorithms are designed to produce unique digests for different messages.
  • Digests
  • Next Problem
    • You digitally sign a document
    • Send the document to a bank
      • Encrypted using the bank’s public key
    • How do you
      • Verify that the public key you used to encrypt the message actually belongs to the bank?
      • How does the bank verify that you actually signed the document (or where do they get your public key)?
  • Certificates
    • A certificate associates a public key with the real identity of an individual, server, or other entity, known as the subject
      • Subject: Distinguished Name, Public Key
      • Issuer: Distinguished Name, Signature
      • Period of validity: Not Before Date, Not After Date
      • Administrative information: Version, Serial Number
      • Extended Information
  • Certificate Authority
    • A trusted source of certificates
      • Verifying certificate requests
      • Processing certificate requests
      • Issuing and managing certificates
    • In previous example
      • I would get a certificate for the bank to obtain the public key of the bank
      • The bank would get a certificate to obtain my public key
  • The RSA Algorithm
    • Key Generation
      • Select $p, q$: $p$ and $q$ both prime, $p \neq q$
      • Calculate $n = p \times q$
      • Calculate $\phi(n) = (p - 1)(q - 1)$
      • Select integer $e$: $\gcd(\phi(n), e) = 1$; $1 < e < \phi(n)$
      • Calculate $d$: $de \bmod \phi(n) = 1$
      • Public key: $KU = \{e, n\}$
      • Private key: $KR = \{d, n\}$
    • Encryption
      • Plaintext: $M < n$
      • Ciphertext: $C = M^e \pmod{n}$
    • Decryption
      • Ciphertext: $C$
      • Plaintext: $M = C^d \pmod{n}$
  • Example of RSA Algorithm
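The key generation, encryption and decryption steps above carried through with small numbers, as an added example (not part of the original slides). The primes p = 17, q = 11, the exponent e = 7 and the message M = 88 are constructed values chosen so the arithmetic can be followed by hand; this is the unpadded textbook form exactly as the slide states it, and the `sign`/`verify` helpers apply the private-key operation described on the Digital Signature slides.

```python
from math import gcd


def is_prime(x):
    """Trial division; adequate for the toy-sized primes used here."""
    if x < 2:
        return False
    i = 2
    while i * i <= x:
        if x % i == 0:
            return False
        i += 1
    return True


def keygen(p, q, e):
    """Return (KU, KR) = ((e, n), (d, n)) following the slide's steps."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(phi, e) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(phi(n), e) = 1")
    d = pow(e, -1, phi)  # modular inverse: d*e mod phi(n) = 1 (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public_key, m):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy M < n")
    return pow(m, e, n)  # C = M^e mod n


def decrypt(private_key, c):
    d, n = private_key
    return pow(c, d, n)  # M = C^d mod n


def sign(private_key, m):
    """Signature = message transformed with the sender's private key."""
    d, n = private_key
    return pow(m, d, n)


def verify(public_key, m, signature):
    """Anyone holding the public key can check the signature."""
    e, n = public_key
    return pow(signature, e, n) == m


if __name__ == "__main__":
    KU, KR = keygen(17, 11, 7)       # n = 187, phi(n) = 160, d = 23
    c = encrypt(KU, 88)
    print("KU =", KU, "KR =", KR)
    print("C =", c, "M =", decrypt(KR, c))
    s = sign(KR, 88)
    print("signature valid:", verify(KU, 88, s))
    print("altered message valid:", verify(KU, 89, s))
```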
  • Public-Key Certificate Use
  • Implementing Network Security using VPNs
    • Introduction to VPNs
    • Overview of VPNs
    • CPE-Based VPNs
    • Provider-Provisioned VPNs
      • Introduction to RFC 2547
      • Introduction to CCC/Layer 2 MPLS VPN
      • IETF Standards Update
      • Conclusions
  • What is a VPN?
    • A private network constructed over a shared infrastructure
    • Virtual: not a separate physical network
    • Private: separate addressing and routing
    • Network: a collection of devices that communicate
    • Policies are key — global connectivity is not the goal
    [Figure: Shared Infrastructure linking Mobile Users and Telecommuters, Branch Office, Corporate Headquarters, and Suppliers, Partners and Customers; labels: Remote Access, Intranet, Extranet]
  • Deploying VPNs in the 1990s
    • Operational model
      • PVCs overlay the shared infrastructure (ATM/Frame Relay)
      • Routing occurs at customer premise
    • Benefits
      • Mature technologies
      • Relatively “secure”
      • Service commitments (bandwidth, availability, and more)
    • Limitations
      • Scalability, provisioning and management
      • Not a fully integrated IP solution
    [Figure: Provider Frame Relay Network of FR switches, with CPE attached on each side via DLCIs]
  • Deploying VPNs in the 21st Century
    • Uses IP infrastructure
    • Can be shared with Internet services; increasing importance of IP/MPLS
    • Subscriber benefits
    • Lower operational expense
    • Single network connection
    • Provider benefits
    • Multiservice infrastructure
    • Creates additional source of revenue
    [Figure: Shared Infrastructure linking Mobile Users and Telecommuters, Branch Office, Corporate Headquarters, and Suppliers, Partners and Customers; labels: Remote Access, Intranet, Extranet]
  • VPN Classification Model
    • Customer-managed VPN solutions (CPE-VPNs)
      • Layer 2: L2TP and PPTP
      • Layer 3: IPSec
    • Provider-provisioned VPN solutions (PP-VPNs)
      • Layer 3: MPLS-Based VPNs (RFC 2547bis)
      • Layer 3: Non-MPLS-Based VPNs (Virtual Routers)
      • Layer 2: MPLS VPNs
    [Figure: CPE-VPN and PP-VPN topologies, each showing Subscriber Sites 1, 2 and 3, CPE and PE devices, and VPN tunnels]
  • CPE-Based VPNs
  • CPE-VPNs: L2TP and PPTP
    • Application: Dial access for remote users
    • Layer 2 Tunneling Protocol (L2TP)
    • RFC2661
    • Combination of L2F and Point-to-Point Tunneling
    • Point-to-Point Tunneling Protocol (PPTP)
    • Bundled with Windows and Windows NT
    • Authentication during setup
    • IPSec can operate over PPP for stronger security
    [Figure: V.x modem with PPP dial-up to a dial access provider; dial access servers; L2TP tunnel to an L2TP access server and PPTP tunnel to a PPTP access server at the service provider or VPN]
  • CPE-VPNs: IPSec Tunnel Mode
    • IPSec defines IETF Layer 3 security architecture
    • Applications - Strong security requirements, across one or multiple Service Providers
    • Customer responsible for key management
    • Security services include:
      • Access control
      • Data origin authentication
      • Replay protection
      • Data integrity
      • Data privacy (encryption/decryption)
      • Key management
  • CPE-VPNs: IPSec Example
    • Uses normal IP services from service provider
    • Protected packets forwarded by existing routers
    • Does not address QoS/SLAs
    • Minimal provider opportunity
    • Customer manages its own routing
    [Figure: Corporate HQ and Branch Office CPE connected by an IPsec ESP tunnel across the public Internet]
  • Customer Edge Routers
    • Customer Edge (CE) routers
      • Router or switch device located at customer premises providing access to the service provider network
      • Layer 2 (FR, ATM, Ethernet) and Layer 3 (IP, IPX, SNA …) independence of the service provider network
      • CEs within a VPN use the same L2 technology to access the service provider network
      • Requires a sub-interface per CE it needs to interconnect to within the VPN
      • Maintains routing adjacencies with other CEs within the VPN
  • Provider Edge Routers
    • Provider Edge (PE) routers
      • Maintain site-specific VPN Forwarding Tables
      • Exchange VPN Connection Tables with other PE routers using MP-IBGP or LDP
      • Use MPLS LSPs to forward VPN traffic
  • Provider Routers
    • Provider (P) routers
      • Forward data traffic transparently over established LSPs
      • Do not maintain VPN-specific forwarding information
  • VPN Forwarding Tables ( VFT )
    • Each VFT is populated with:
      • The forwarding information provisioned for the local CE sites
      • VPN Connection Tables received from other PEs via iBGP or LDP
    [Figure: P routers and PE 1, PE 2, PE 3 connecting VPN A Sites 1-3 (CE–A1, CE–A2, CE–A3) and VPN B Sites 1-2 (CE–B1, CE–B2); labels: OSPF, ATM. A VFT is created for each site connected to the PE.]
  • VPN Connection Tables ( VCT )
    • The VCT is a subset of information held by the VFT
    • VCTs are distributed by the PEs via iBGP or LDP
    [Figure: PE-1 and PE-2, each holding VFTs for its attached sites (CE-1, CE-2, CE-4; Sites 1 and 2), joined by an MP-iBGP session / LDP. A VCT is distributed for each VPN site to PEs.]
  • END